We performed a comparison between ManageEngine Log360 and Splunk Enterprise Security based on real PeerSpot user reviews.
Find out in this report how the two Security Information and Event Management (SIEM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product can integrate with any device."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"It's easy to use. It's a very good product. It can easily ingest data from anywhere. It has an easily understandable language to perform actions."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"We haven't had any stability issues."
"The product is very user-friendly."
"The Sharecon feature is the most valuable."
"The solution could be improved by including XDR, remediation and Sandbox."
"ManageEngine Log360 is not difficult to deploy."
"It basically helps us. We have to stay in compliance with certain issues with some of our customers. We have to have these types of tools in place for protecting our network and our data. We're in the aerospace industry, so we have a lot of defense contracts. So, all those guys will make sure that we're protecting their information, and it does a good job in that aspect."
"It is easier to deploy than are other SIEMs, which is great. You can also get an overview of your environment, which is very handy."
"The reporting is great. Everything you need is in the report for you already."
"I like the search feature and the indexing. It's very fast and comprehensive."
"It can log more logs than other solutions. It's a good way to troubleshoot problems."
"We used it to create a custom anomaly detection data model to monitor the activity of our back-end services on an hourly basis relative to the past three months of activity."
"Splunk provides immediate visibility into key business metrics and new business insights that deliver immediate value."
"The most valuable features in Splunk are the search function and the ability to run selected session reports. The session reports are important because I can use them to see what is going on in our environment weekly. Additionally, we can use the graph to see how often that particular event is happening."
"It's better than IBM, in my opinion, because it's an independent entity."
"Low barrier to start searching with the ability to normalize data on the fly."
"The initial setup is really straightforward. It's one of the easiest installations."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"The on-prem log sources still require a lot of development."
"We have been working with multiple customers, and every time we onboard a customer, we are missing an essential feature that surprisingly doesn't exist in Sentinel. We searched the forums and knowledge bases but couldn't find a solution. When you onboard new customers, you need to enable the data connectors. That part is easy, but you must create rules from scratch for every associated connector. You click "next," "next," "next," and it requires five clicks for each analytical rule. Imagine we have a customer with 150 rules."
"The only thing is sometimes you can have a false positive."
"They need to work with other security vendors. For example, we replaced our email gateway with Symantec, but we couldn't collect these logs with Azure Sentinel. Instead of collecting these logs with Azure Sentinel, we are collecting them on Qradar. We couldn't do it with Sentinel, which is a problem for us."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The troubleshooting has room for improvement."
"The matter of the data retention needs to be addressed."
"There is room for improvement, especially in the reporting aspect. The reports are not as good as those in Splunk."
"The solution lacks some features when compared to other products."
"The integration with SharePoint and Teams should be improved."
"The solution needs to improve hub storage. It should integrate AI and ML capabilities."
"It's difficult to find which conditions have been applied to a report because they are provided by default by ManageEngine. However, with other SIEMs if you want to create a report, they provide details, like which conditions are triggering certain reports. This needs to be there in ManageEngine. It would be good to know which parameter has been applied to the report that is updating the system."
"Their technical support should be improved."
"Most times log sheets are not assigned well."
"I haven't found a way for me to create my own plugins and integrate them into Splunk, but this isn't necessarily a limitation; it could simply be a lack of knowledge on my part."
"Make it easier to include roles and user controls, as it is horrible now."
"Make it easy to use and the cost cheaper. This will help all organisations to implement Splunk."
"More training on PetaData using artificial intelligence techniques to identify the events which are not normal and exceptions that would help the organization identify threats and malware on the go with results."
"Our two main complaints are about the difficulty of the initial setup and the licensing model."
"We will receive alerts only for the administrators and deployment servers, but not for all servers."
"The case management area of the ES could be improved. The ability to move cases through various stages and states. The ability to close a case would be key improvement."
"The UI can be difficult to understand for non-technical people."
ManageEngine Log360 is ranked 24th in Security Information and Event Management (SIEM) with 15 reviews while Splunk Enterprise Security is ranked 1st in Security Information and Event Management (SIEM) with 240 reviews. ManageEngine Log360 is rated 7.2, while Splunk Enterprise Security is rated 8.4. The top reviewer of ManageEngine Log360 writes "Facilitates incident backtracking and identifying the cause of incidents but insufficient intelligence-driven analysis to suppress unnecessary alerts". On the other hand, the top reviewer of Splunk Enterprise Security writes "It has a drag-and-drop interface, so you don't need to know SQL or Java to construct a query ". ManageEngine Log360 is most compared with ManageEngine EventLog Analyzer, Wazuh, Fortinet FortiSIEM, SolarWinds Security Event Manager and LogRhythm SIEM, whereas Splunk Enterprise Security is most compared with Wazuh, Dynatrace, IBM Security QRadar, Elastic Security and Datadog. See our ManageEngine Log360 vs. Splunk Enterprise Security report.
See our list of best Security Information and Event Management (SIEM) vendors and best Log Management vendors.
We monitor all Security Information and Event Management (SIEM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.